United States Government Accountability Office Report to Congressional Requesters DEPARTMENT OF April 2018 HEALTH AND HUMAN SERVICES Office of Inspector General’s Use of Agreements to Protect the Integrity of Federal Health Care Programs GAO-18-322 April 2018 DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of Inspector General’s Use of Agreements to Highlights of GAO-18-322, a report to Protect the Integrity of Federal Health Care Programs congressional requesters Why GAO Did This Study What GAO Found HHS-OIG has the authority to exclude To help improve adherence to federal health care program requirements by providers and other entities that have entities that have allegedly engaged in certain acts, such as submitting false or committed certain acts, such as fraudulent claims, the Department of Health and Human Services’ Office of submitting false or fraudulent claims, Inspector General (HHS-OIG) entered into 652 agreements with those entities from participation in federal health care from July 2005 to July 2017. Since 2010, two types of agreements have been programs. However, HHS-OIG can used: Corporate Integrity Agreements (CIA) and Integrity Agreements (IA). The enter into agreements—CIAs and more commonly used CIAs apply to larger entities, compared to IAs, which apply IAs—with providers and other entities to individual practitioners or small businesses. From July 2005 through July as an alternative to exclusion. HHS- 2017, about half of all agreements were with 3 types of entities—individual or OIG is responsible for negotiating such small group practices, hospitals, and skilled nursing facilities. agreements—which it typically does at the same time the Department of Annual Distribution of HHS-OIG’s New Agreements to Protect Federal Health Care Program Justice (DOJ) is negotiating a legal Integrity, by Type, July 2005 – July 2017 settlement to resolve related allegations—and then monitoring the entities’ compliance with them. GAO was asked to review HHS-OIG’s use of these agreements. This report describes (1) the number of agreements and their general characteristics; (2) the circumstances that may lead to an agreement and the standard provisions of agreements; and (3) monitoring efforts and actions taken, if any, in response to noncompliance with the agreements. GAO examined agreements entered into from July 2005 (when HHS-OIG created its database) through July 2017 (most current at the time of GAO’s analyses) and used HHS-OIG data to describe agreements’ characteristics and actions to address For new agreements since July 2005, the most common initial allegations that noncompliance. GAO reviewed HHS- led to an entity entering into an agreement included billing for services not OIG documentation, including provided and providing medically unnecessary services. When negotiating agreement templates and a selection agreements, HHS-OIG uses one of six templates that address the different types of agreements to identify standard of entities or conduct involved. Across agreements the provisions are generally provisions. GAO also interviewed similar—for example, requirements to provide training on specified topics or to HHS-OIG and DOJ officials. hire a compliance officer. GAO provided a draft of this report to HHS-OIG uses multiple strategies to oversee agreements, such as requiring HHS and DOJ. The agencies provided periodic reports from the entities that demonstrate compliance and assigning a technical comments, which were monitor to review these reports and conduct site visits. HHS-OIG can also take incorporated as appropriate. certain actions to address noncompliance. For example, for new agreements from July 2005 through July 2017, HHS-OIG imposed monetary penalties 41 View GAO-18-322. For more information, contact Kathleen M. King at (202) 512-7114 or times, ranging from $1,000 to more than $3 million (median of $18,000), and kingk@gao.gov. excluded 4 entities from participation in federal health care programs. United States Government Accountability Office Contents Letter 1 Background 5 From 2005 through 2017, HHS-OIG Entered into Dozens of New Agreements Each Year, the Majority of Which Applied to Three Types of Entities 8 HHS-OIG Considers Risk Factors, Such As an Entity’s Conduct, When Evaluating Whether to Exercise its Exclusion Authority and in Negotiating Agreements 16 HHS-OIG Uses Multiple Strategies to Ensure Compliance with Terms of Agreements and Imposes Certain Penalties When Noncompliance Is Identified 21 Agency Comments 26 Appendix I GAO Contact and Staff Acknowledgments 27 Figures Figure 1: Annual Distribution of HHS-OIG’s New Agreements to Protect Federal Health Care Program Integrity, by Type, July 2005 – July 2017 9 Figure 2: Number of HHS-OIG’s New and Ongoing Agreements to Protect Federal Health Care Program Integrity That Were in Place Each Year, July 2005 – July 2017 11 Figure 3: Distribution of HHS-OIG’s New Agreements to Protect Federal Health Care Program Integrity, by Type of Entity, July 2005 – July 2017 12 Figure 4: Number of HHS-OIG’s New Agreements to Protect Federal Health Care Program Integrity That Were and Were Not Associated with Qui Tam Cases, July 2005 – July 2017 14 Figure 5: Total Settlement Amounts, by Qui Tam Status, among Entities That Also Entered into an Agreement to Protect Federal Health Care Program Integrity with HHS-OIG, July 2005 – July 2017 15 Page i GAO-18-322 Agreements to Protect Federal Health Care Programs Abbreviations CIA corporate integrity agreement DOJ Department of Justice HHS-OIG Department of Health and Human Services’ Office of Inspector General IA integrity agreement This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Page ii GAO-18-322 Agreements to Protect Federal Health Care Programs Letter 441 G St. N.W. Washington, DC 20548 April 3, 2018 The Honorable Ron Wyden Ranking Member Committee on Finance United States Senate The Honorable Claire McCaskill Ranking Member Committee on Homeland Security and Governmental Affairs United States Senate For federal health care programs like Medicare and Medicaid to function effectively, the many providers and other entities who participate must comply with federal health care program requirements. If an entity is found to have committed certain acts, such as submitting false or fraudulent claims, the Department of Health and Human Services’ Office of Inspector General (HHS-OIG) has the authority to exclude them from future participation in Medicare, Medicaid, and other federal health care programs. 1 This permissive exclusion authority applies to certain acts, such as those prohibited by the False Claims Act, Anti-Kickback statute, and Stark law, among others. 2 As an alternative to exercising its authority to exclude an entity, HHS-OIG often negotiates and enters into corporate integrity agreements (CIAs) and integrity agreements (IAs) with health care providers and other 1 See 42 U.S.C. § 1320a-7(b) (permissive exclusion authority). While HHS-OIG has the discretion to exercise its permissive exclusion authority, if such conduct leads to a criminal conviction for a program-related crime, it is required by law to exclude the providers or entities from participation in federal health care programs. See 42 U.S.C. § 1320a-7(a) (mandatory exclusion authority). 2 The False Claims Act prohibits knowingly submitting or causing to be submitted false claims for payment to the federal government. See 31 U.S.C. § 3729. The Anti-Kickback statute prohibits knowingly and willfully soliciting, receiving, offering, or paying any remuneration (or “kickbacks”) in return for or to induce referrals of items or services reimbursable under a federal health care program, subject to statutory exceptions and regulatory safe harbors. See 42 U.S.C. § 1320a-7b(b). The Stark law prohibits physicians from making “self-referrals”—certain referrals for “designated health services” paid for by Medicare to entities with which the physician (or immediate family) has a financial relationship. See 42 U.S.C. § 1395nn. Claims submitted as a result of activities that violate the Anti-Kickback statute or Stark law are considered false claims and, as a result, create additional liability under the False Claims Act. Page 1 GAO-18-322 Agreements to Protect Federal Health Care Programs entities, such as pharmaceutical manufacturers. CIAs apply to larger corporations, and IAs apply to individual practitioners, small physician groups, or businesses with a small number of employees, a single location, or a limited corporate structure. 3 These agreements typically last either three or five years, depending on the type of agreement, and include provisions that focus on the entity’s implementation of compliance measures or the development of a compliance program. For example, the agreements generally require entities to implement training programs or to hire outside reviewers to audit claims billed to Medicare and other federal health care programs. Such measures are intended to help promote adherence to applicable laws and program requirements and protect the integrity of federal health care programs. The Office of Counsel to the Inspector General within HHS-OIG is responsible for negotiating the agreements. HHS-OIG officials often negotiate the agreements at the same time that officials at the Department of Justice (DOJ) are separately negotiating a settlement of legal claims against the entity for related false claims allegations. 4 The Office of Counsel to the Inspector General is also responsible for monitoring compliance with the terms of the agreements once they take effect. If an entity fails to comply with the obligations specified in its agreement, HHS-OIG can use the enforcement provisions in the agreement, which range from the ability to impose monetary penalties— referred to as stipulated penalties—to potential exclusion from federal health care programs for material breaches of a repeated or flagrant nature. Both CIAs and IAs are key tools in the government’s efforts to promote compliance with applicable laws and program requirements and to ensure the integrity of federal health care programs. Concerns have been raised that there is limited information available to the public regarding HHS- OIG’s implementation of CIAs and IAs. You asked us to review issues 3 For the purposes of this report, we refer to CIAs and IAs collectively as “agreements” unless otherwise specified. These agreements may be entered into with individuals or with entities; for our purposes we use the term entities to capture both. Prior to 2010, HHS-OIG also negotiated other agreement types in addition to CIAs and IAs that have since been phased out. 4 These DOJ settlements typically do not involve a determination of liability. While HHS- OIG may seek exclusion for providers and entities that it finds to have committed health care fraud, only DOJ and certain private individuals known as “relators” or “whistleblowers” may bring claims asserting liability for health care fraud under the False Claims Act on behalf of the federal government. Page 2 GAO-18-322 Agreements to Protect Federal Health Care Programs related to HHS-OIG’s use and oversight of these agreements. This report examines 1. the number of agreements HHS-OIG has entered into since July 2005 and their general characteristics; 2. the circumstances that may lead HHS-OIG to seek an agreement with an entity and the standard provisions of agreements; and 3. how HHS-OIG monitors agreements and the actions HHS-OIG has taken, if any, in response to any entity’s noncompliance with agreement terms since July 2005. To determine the number of agreements HHS-OIG has entered into since July 2005 and their characteristics, we primarily relied on a database created and maintained by HHS-OIG to track agreements. We examined all agreements entered into by HHS-OIG from July 14, 2005—the date the agency created its database—to July 26, 2017, the date we obtained an electronic copy of the database. 5 We analyzed data on the number of agreements, type of agreements, and the type of entities involved. We also analyzed features of any related legal settlements with DOJ that were in HHS-OIG’s database, including settlement amounts and whether cases were brought by DOJ, or by a private individual under the whistleblower, or qui tam, provisions of the False Claims Act. 6 We also interviewed HHS-OIG officials with relevant policy and technical expertise. To determine the reliability of HHS-OIG’s agreement database, we reviewed supporting documentation, and we discussed the accuracy of the data, and the controls in place for entering and updating the data, with knowledgeable HHS-OIG officials. We also reviewed the data to identify any data fields that were blank or that had other anomalies and clarified with HHS-OIG any corrections that were needed. On this basis, we determined that the data were sufficiently reliable for the purposes of our reporting objectives. 5 For simplicity, we generally refer to the time period of July 14, 2005 to July 26, 2017 as “from July 2005 through July 2017.” 6 Private individuals can file suit for alleged violations of the False Claims Act on behalf of the government. A suit filed on behalf of the government by an individual with evidence of fraud is known as a qui tam action and the person bringing the action is referred to as a “relator” or “whistleblower”. See 31 U.S.C. § 3730(b). Page 3 GAO-18-322 Agreements to Protect Federal Health Care Programs To examine the circumstances that may lead HHS-OIG to seek an agreement with an entity, we analyzed HHS-OIG’s data for all agreements entered into from July 2005 through July 2017 regarding the initial allegations in the investigations associated with the HHS-OIG agreements during that time. 7 To describe the standard provisions of agreements, we reviewed the different agreement templates that HHS- OIG officials use to guide development of the agreements. In addition, we reviewed 32 agreements that HHS-OIG had entered into from January 2010 through July 2017—a 10 percent sample of all agreements during this time. We selected agreements from January 2010 through July 2017, because the purpose of our review was to identify current agreement provisions, and prior to 2010 other agreement types were used that have been phased out and are not currently used. We used this review to identify examples of standard provisions and to gain a broad understanding of how actual agreements compare to HHS-OIG’s templates. Although our sample was not generalizable, we used agreement type (e.g., CIA or IA) and type of entity (e.g., hospital or individual practitioner) as selection criteria to ensure that we selected agreements that were representative of the proportion that each agreement type and entity type represented of total agreements. We analyzed HHS-OIG’s data to understand the number and type of reviews, such as reviews of Medicare claims, which have been required in agreements from July 2005 through July 2017. We also interviewed HHS- OIG officials about the agency’s exclusion authority, the agency’s negotiation of agreements, and the standard provisions included in agreements. Finally, we interviewed DOJ officials regarding the DOJ legal settlement process and how, if at all, it relates to HHS-OIG’s agreements. To examine how HHS-OIG monitors agreements and addresses noncompliance, we reviewed relevant documentation, including agreement templates, which outline the conditions in which an entity would be considered in breach or default of its agreement. We also analyzed data from HHS-OIG’s database on the actions HHS-OIG has taken for identified noncompliance, including the amounts of any stipulated penalties that HHS-OIG demanded from entities and the number of exclusion letters HHS-OIG issued, that were associated with 7 The HHS-OIG data we reviewed for agreements were the initial allegation codes that HHS-OIG agents assigned upon opening their investigation. According to HHS-OIG officials, the conduct covered under the legal settlement with DOJ, known as the settled conduct, may ultimately be more limited than the initial allegations that HHS-OIG agents identified. Page 4 GAO-18-322 Agreements to Protect Federal Health Care Programs any agreements that HHS-OIG entered into from July 2005 through July 2017. Finally, we interviewed HHS-OIG officials about their process for monitoring agreements and the potential actions that officials can take if they find that an entity is not in compliance with the terms of its agreement. We conducted this performance audit from March 2017 to April 2018 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Background HHS-OIG Exclusion HHS-OIG has the authority to exclude providers and other entities that Authority have committed certain acts from participation in federal health care programs. 8 According to HHS-OIG guidance, exclusion is a remedial measure designed to protect federal health care programs from any entity whose participation constitutes a risk to the programs or to program beneficiaries. Federal health care programs will not pay for any items or services furnished, ordered, or prescribed by excluded entities. Exclusions are mandatory under certain circumstances and permissive in others. 9 In particular, mandatory exclusion applies to offenses that result in convictions relating to patient abuse or neglect and other crimes related to federal health care programs. 10 When these offenses occur, but there 8 See 42 U.S.C. §§ 1320a-7(a), (b), (c), and 42 U.S.C. § 1320c-5. For the full list of HHS- OIG’s exclusion authorities, see: https://oig.hhs.gov/exclusions/authorities.asp.Federal health care programs include Medicare, Medicaid, and all other plans and programs that provide health benefits funded directly or indirectly by the United States (other than the Federal Employees Health Benefits Program), including certain state health care programs. See 42 U.S.C. § 1320a-7b(f) and 42 C.F.R. § 1000.10 (2017). 9 Compare 42 U.S.C. § 1320a-7(a) (mandatory exclusion) with § 1320a-7(b) (permissive exclusion). 10 42 U.S.C. § 1320a-7(a)(1), (2). Page 5 GAO-18-322 Agreements to Protect Federal Health Care Programs is no criminal conviction, HHS-OIG may exercise its permissive exclusion authority. 11 In certain circumstances where HHS-OIG can exercise its permissive exclusion authority, it evaluates each situation and decides what action to take based on its assessment of the future risk the entity poses to federal health care programs. 12 Actions that HHS-OIG can consider taking include the following: • Exclusion. HHS-OIG will exclude the highest-risk entities from participation in federal health care programs. 13 • Require the entity to enter into an agreement. HHS-OIG can require an entity to enter into a CIA or IA in exchange for a release of HHS-OIG’s exclusion authority. According to HHS-OIG guidance, the goals of these agreements are to strengthen an entity’s compliance program and promote compliance so that any issues in the future can be prevented or identified, reported and corrected. • Heightened scrutiny. According to HHS-OIG officials, heightened scrutiny is reserved for situations in which the agency determined that an agreement was warranted but the entity was uncooperative. In such situations, HHS-OIG considers what other unilateral monitoring steps it can take to impose greater scrutiny. For example, according 11 42 U.S.C. § 1320a-7(b). For example, HHS-OIG’s authority under 42 U.S.C. 1320a- 7(b)(7) to initiate permissive exclusion for kickbacks is independent from the mandatory exclusion under 42 U.S.C. 1320a-7(a)(1) that applies to persons criminally convicted of violating the Anti-Kickback statute. 12 In April 2016, HHS-OIG issued a policy statement that revised HHS-OIG’s non-binding criteria for evaluating exclusion under 42 U.S.C. § 1320a-7(b)(7), which is the specific exclusion authority HHS-OIG cites as the bases for imposing CIAs and IAs related to health care false claims. See Department of Health and Human Services Office of Inspector General, Criteria for implementing section 1128(b)(7) exclusion authority, accessed April 17, 2017, https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf. This policy statement superseded and replaced the non-binding criteria published in 1997. See 62 Fed. Reg. 67,392 (Dec. 24, 1997). According to HHS-OIG officials, these criteria were updated to better reflect their current approach and to be transparent about the factors that they consider when evaluating whether to exercise their permissive exclusion authority. 13 According to HHS-OIG officials, in concluding that an entity is “high-risk”, they review and consider all of the relevant facts and circumstances, and they do not weight any of these factors. Different scenarios and risk factors can result in exclusion. For example, one high-risk exclusion scenario could involve a high financial loss to federal health care programs and the presence of other minimal risk factors, while another scenario could be one in which only one risk factor is present, such as egregious patient harm. Page 6 GAO-18-322 Agreements to Protect Federal Health Care Programs to HHS-OIG guidance, the agency has audited, evaluated, or investigated entities after fraud settlements when the entity would not enter into an agreement with HHS-OIG and it has made referrals to the Centers for Medicare & Medicaid Services for claims reviews. • Reserve exclusion authority. For certain entities, HHS-OIG may reserve its exclusion authority and take “no further action,” meaning that HHS-OIG will not exclude the entity at that time and will not require the entity to enter into an agreement. • Release of exclusion authority. In certain circumstances, HHS-OIG will release its exclusion authority without imposing additional requirements. Specifically, HHS-OIG may do this in situations in which the entity has self-disclosed the fraudulent conduct to HHS-OIG or has agreed to integrity obligations with a state or the DOJ that HHS- OIG has determined are sufficient. 14 Agreement Negotiation In situations in which HHS-OIG is evaluating whether to exercise its and Monitoring permissive exclusion authority, DOJ is often separately negotiating a settlement of the civil and/or criminal case against the entity on behalf of the federal government. Typically, such settlements resolve allegations that the entity is liable under the False Claims Act for submitting false claims to federal health care programs. According to both HHS-OIG and DOJ officials, if there is a related DOJ civil or criminal case and HHS-OIG officials are also negotiating an agreement with the entity in lieu of exclusion, the DOJ and HHS-OIG negotiations often occur at the same time or “on a parallel track.” However, according to these officials, while HHS-OIG and DOJ officials share information as needed, each engage in separate negotiations with the entity. 15 According to HHS-OIG officials, there are also situations in which HHS-OIG enters into an agreement when there is not a related DOJ legal settlement. 14 Many states have enacted state-level false claims acts that establish civil liability to the states for entities that submit false or fraudulent claims under state Medicaid programs. According to DOJ officials, the agency coordinates with states through their respective state Medicaid Fraud Control Units and for cases involving multiple states, the agency coordinates with the National Association of Medicaid Fraud Control Units. 15 According to HHS-OIG officials, for HHS-OIG to decide that an agreement is necessary, it will have gathered enough evidence to determine that the entity committed a prohibited act, which if proven in a court of law, would provide a basis for exclusion. However, under these circumstances a court has not ruled on the legality of the entity’s acts and the entity has not admitted to any wrongdoing. Page 7 GAO-18-322 Agreements to Protect Federal Health Care Programs The Office of Counsel to the Inspector General within HHS-OIG is responsible for negotiating agreements and for monitoring them once they take effect. 16 All agreements include provisions that identify the enforcement actions HHS-OIG can take when it finds that an entity has not complied with the terms of its agreement. These enforcement provisions outline the monetary penalties, referred to in the agreements as stipulated penalties, which HHS-OIG will demand if it identifies that the entity has failed to comply with certain agreement terms. The enforcement provisions also outline what constitutes a material breach of the agreement and indicate that exclusion can result if the entity is found to have materially breached its agreement. Examples of a material breach of the agreement include repeated violations of any of the agreement’s obligations and the failure to respond to a demand letter from HHS-OIG concerning the payment of stipulated penalties. From July 2005 through July 2017, HHS-OIG entered into 652 new From 2005 through agreements—an average of about 50 agreements per year—ranging from 2017, HHS-OIG a high of 83 to a low of 37. The agreements were almost exclusively CIAs, which apply to larger corporations, and IAs, which apply to Entered into Dozens individual practitioners and entities such as small physician groups. HHS- of New Agreements OIG has used CIAs and IAs exclusively since 2010. From 2010 to July 2017, 74 percent of agreements have been CIAs and 26 percent of Each Year, the agreements have been IAs. See figure 1 for more information on the Majority of Which number and types of agreements since July 2005. Applied to Three Types of Entities 16 According to HHS-OIG officials, the average agreement negotiation will usually take one to four months, depending on the size and complexity of the entity. As of October 2017, HHS-OIG officials told us that 27 attorneys and 4 managers within the Office of Counsel to the Inspector General were involved in the negotiation of agreements. Page 8 GAO-18-322 Agreements to Protect Federal Health Care Programs Figure 1: Annual Distribution of HHS-OIG’s New Agreements to Protect Federal Health Care Program Integrity, by Type, July 2005 – July 2017 Notes: Data are from July 14, 2005, when HHS-OIG created its database, to July 26, 2017, when we obtained the data, and are presented by calendar year. Over this period, HHS-OIG entered into 652 new agreements. “Other” includes older agreement types that HHS-OIG has phased out. HHS-OIG officials said that the agency transitioned away from other agreement types because of certain limitations that made them less useful than CIAs and IAs. For example, one historical agreement type— Certification of Compliance Agreements—did not provide sufficient opportunities for oversight, yet it required significant resources to create, officials said. 17 Another discontinued agreement type—Settlement 17 Certification of Compliance Agreements were used when HHS-OIG determined that an entity’s existing compliance program contained the basic elements typically required under a CIA. These agreements, which had a term of 3 years, included a declaration describing the entity’s existing compliance program, and required annual certifications that the existing compliance program continued to be maintained, rather than detailed annual reports. Absent such detail, the certifications were difficult to verify, HHS-OIG officials said. Page 9 GAO-18-322 Agreements to Protect Federal Health Care Programs Agreement with Integrity Provisions—was negotiated as part of the DOJ settlement, such that HHS-OIG needed to work through DOJ if there was a need to take action for noncompliance. 18 Although HHS-OIG and DOJ negotiate their agreements and settlements separately now, the majority of CIAs and IAs, are still associated with a DOJ legal settlement. Of the 652 agreements from July 2005 through July 2017, 619 were paired with a DOJ settlement, while 33 were the result of HHS-OIG independently exercising its exclusion authority. The total number of agreements in effect each year for the period we reviewed, which includes new agreements and ongoing agreements from past years, has decreased. Between 2006 and 2016 (the earliest and latest full years included in HHS-OIG’s database), the number of agreements in effect for any part of the calendar year decreased by 44 percent (see fig. 2). According to HHS-OIG officials, this is because, over time, the agency has increasingly focused its resources on entities that present the highest risk of potential fraud. Specifically, HHS-OIG officials said that in 2006 they first imposed a monetary threshold for damages caused to federal health care programs, above which the agency would pursue an agreement. HHS-OIG officials told us that they initially set this threshold at $100,000, but that in 2014 the agency increased it to $500,000 for smaller entities (i.e., those eligible for IAs) and $1 million for larger entities (i.e., those eligible for CIAs). HHS-OIG officials added that the monetary threshold is one factor that triggers pursuit of an agreement, and that risk of beneficiary harm may also cause the agency to seek an agreement, even when damages are low. HHS-OIG, in using these criteria, said that it is foregoing pursuing agreements with low-damage, lower-risk entities, instead taking no further action but reserving its exclusion authority. 18 Settlement Agreements with Integrity Provisions included compliance requirements that were much more limited than the models used today, according to HHS-OIG officials, and were costly to enforce because, as an attachment to a DOJ legal settlement, DOJ would need to obtain a court order agreeing that the settlement was breached before enforcement could occur. Page 10 GAO-18-322 Agreements to Protect Federal Health Care Programs Figure 2: Number of HHS-OIG’s New and Ongoing Agreements to Protect Federal Health Care Program Integrity That Were in Place Each Year, July 2005 – July 2017 Notes: Data are from July 14, 2005, when HHS-OIG created its database, to July 26, 2017, when we obtained the data, and are presented by calendar year. Ongoing agreements in a given year are those that began in a prior year, but were in effect for at least part of the year. HHS-OIG entered into agreements with a wide range of entities, but most were concentrated among a few types of entities. Specifically, HHS-OIG entered into agreements with 30 different types of entities from July 2005 through July 2017, though slightly more than half of the agreements were with 3 types—individual/small group practices, hospitals, and skilled nursing facilities. Another quarter of the agreements were with medical group practices, pharmaceutical manufacturers, clinics, medical device manufacturers, and ambulance companies. (See fig. 3.) Page 11 GAO-18-322 Agreements to Protect Federal Health Care Programs Figure 3: Distribution of HHS-OIG’s New Agreements to Protect Federal Health Care Program Integrity, by Type of Entity, July 2005 – July 2017 Note: Data are from July 14, 2005, when HHS-OIG created its database, to July 26, 2017, when we obtained the data. HHS-OIG officials stated that it is rare for the agency to enter into multiple agreements with the same entity, adding that the few entities that have had multiple agreements were generally large corporations with multiple divisions or sites, and that the agreements applied to different areas of the firms’ business. Our analysis of HHS-OIG data showed that 15 entities had more than one agreement from July 2005 through July 2017. In other situations, HHS-OIG extended an ongoing agreement, rather than entering a new agreement with the same entity, in light of new allegations that arose during the time the agreement was in effect. From July 2005 through July 2017, the time periods for five agreements were extended beyond the standard five years to reflect new settlements with DOJ. Almost all of the agreements we reviewed were negotiated by HHS-OIG at the same time DOJ was negotiating a legal settlement with the entity to Page 12 GAO-18-322 Agreements to Protect Federal Health Care Programs resolve related allegations under the False Claims Act. Many of these allegations resulted from cases filed by a whistleblower under the False Claims Act’s qui tam provisions—commonly referred to as qui tam cases. 19 Slightly more than half of HHS-OIG agreements are with entities who settled qui tam cases. From July 2005 through July 2017, agreements imposed by HHS-OIG as a result of claims alleged by a whistleblower in a qui tam case increased in prevalence compared to agreements that were not associated with a qui tam case. 20 (See fig. 4.) 19 A suit filed on behalf of the government by an individual with evidence of fraud is known as a qui tam action and the person bringing the action is referred to as a “relator” or “whistleblower”. In qui tam cases, the relator can receive a portion of a monetary settlement, reasonable expenses necessarily incurred, and attorney’s fees and costs. See 31 U.S.C. § 3730(b), (d). 20 The majority of health care-related False Claims Act cases are filed by relators as qui tam, and not all of the resolutions of these matters resulted in an agreement with HHS- OIG. In fiscal year 2017, of the 544 new False Claims Act health care-related matters handled by DOJ, 491 (90 percent) were qui tam cases. Of the $2.5 billion in recoveries that year associated with health care cases, $2.1 billion (83 percent) was associated with qui tam cases intervened in or pursued by DOJ. The prevalence of qui tam cases has increased since the enactment of False Claims Act amendments in 1986, 2009, and 2010, which created stronger incentives for private citizens to bring action related to false claims submitted to government programs, including raising the minimum penalty for each violation, providing for three times the government’s actual damages, and increasing the share of damages awarded to relators. See, e.g., False Claims Amendments Act of 1986, Pub. L. No. 99-562, 100 Stat. 3153 (Oct. 27, 1986). Page 13 GAO-18-322 Agreements to Protect Federal Health Care Programs Figure 4: Number of HHS-OIG’s New Agreements to Protect Federal Health Care Program Integrity That Were and Were Not Associated with Qui Tam Cases, July 2005 – July 2017 Notes: Data are from July 14, 2005, when HHS-OIG created its database, to July 26, 2017, when we obtained the data, and are presented by calendar year. Agreements associated with qui tam cases are those for which the Department of Justice (DOJ) intervened on behalf of the federal government in a case filed under the qui tam provisions of the False Claims Act. Qui tam cases are initiated by individuals with evidence of fraud, who are referred to as “relators” or “whistleblowers.” In qui tam cases, the relator can receive a portion of a monetary settlement, reasonable expenses necessarily incurred, and attorney’s fees and costs. Agreements not associated with qui tam cases include those associated with DOJ-initiated cases (283) or that were the result of investigations initiated by HHS- OIG (33). The DOJ-negotiated settlement amounts associated with qui tam cases, among those entities that also entered into an agreement with HHS-OIG, greatly exceeded the settlement amounts negotiated for non-qui tam cases and make up most of the total settlement amounts. From July 2005 through July 2017, total settlement amounts, among those entities that also entered into an agreement with HHS-OIG, were $16.1 billion for qui tam cases and $3.1 billion for all others. A spike in settlement amounts in 2012 reflects two settlements, one of $2 billion and another of $800 million, with two pharmaceutical manufacturers. (See fig. 5.) Page 14 GAO-18-322 Agreements to Protect Federal Health Care Programs Figure 5: Total Settlement Amounts, by Qui Tam Status, among Entities That Also Entered into an Agreement to Protect Federal Health Care Program Integrity with HHS-OIG, July 2005 – July 2017 Notes: Data are from July 14, 2005, when HHS-OIG created its database, to July 26, 2017, when we obtained the data, and are presented by calendar year. Over this period, the Department of Justice (DOJ) negotiated settlement amounts, among entities that also entered into an agreement with HHS- OIG, totaled $19.2 billion. Agreements associated with qui tam cases are those for which the DOJ intervened on behalf of the federal government in a case filed under the qui tam provisions of the False Claims Act. Qui tam cases are initiated by individuals with evidence of fraud, who are referred to as “relators” or “whistleblowers.” In qui tam cases, the relator can receive a portion of a monetary settlement, reasonable expenses necessarily incurred, and attorney’s fees and costs. Agreements not associated with qui tam cases include those associated DOJ-initiated cases (283) or that were the result of investigations initiated by HHS-OIG (33). Although pharmaceutical manufacturers accounted for about 6 percent of entities subject to an agreement with HHS-OIG from July 2005 through July 2017, they represent a large share of the settlement amounts DOJ negotiated with those entities: $11.8 billion out of $19.2 billion (62 percent). The next largest shares of settlement amounts DOJ negotiated were with hospitals at $2.5 billion and medical device manufacturers at almost $900 million. Most of the pharmaceutical settlements associated with HHS-OIG agreements were qui tam cases (31 of 37 agreements), and a third of all qui tam settlement amounts were associated with just 4 pharmaceutical qui tam cases. Page 15 GAO-18-322 Agreements to Protect Federal Health Care Programs HHS-OIG Considers Risk Factors, Such As an Entity’s Conduct, When Evaluating Whether to Exercise its Exclusion Authority and in Negotiating Agreements HHS-OIG Has Criteria to HHS-OIG guidance includes the criteria that agency officials said they Determine Whether to follow to determine whether to exercise the agency’s permissive exclusion authority, or take an alternate action, such as entering into an Pursue Exclusion or Enter agreement with an entity. According to HHS-OIG officials and agency into an Agreement; Certain guidance, each situation is evaluated on a risk continuum and the course Initial Allegations Were of action chosen is based on the agency’s assessment of the future risk Common among Entities the entity poses to federal health care programs. HHS-OIG has four That Entered Into broad categories of criteria that it applies in deciding where an entity falls on the risk continuum and which action to take. These four categories are Agreements (1) the nature and circumstances of the conduct; (2) conduct during the government’s investigation; 3) whether the entity has made efforts to improve its conduct; and 4) the entity’s history of compliance. According to HHS-OIG officials, the agency will exclude the highest-risk entities, and since fiscal year 2011, under its permissive exclusion authority, HHS-OIG has excluded 65 entities that were the subject of a related DOJ legal settlement. However, HHS-OIG guidance states that HHS-OIG often concludes that exclusion is not necessary, so long as the entity will enter into an agreement with the agency. 21 21 Other courses of action on the risk continuum include subjecting the entity to heightened scrutiny, reserving its exclusion authority by taking no further action, or granting a full release of their exclusion authority. For entities that were the subject of a related DOJ legal settlement in fiscal years 2016 and 2017, HHS-OIG used heightened scrutiny in 11 instances; reserved its exclusion authority in 260 instances; and granted a full release of its exclusion authority in 42 instances. Page 16 GAO-18-322 Agreements to Protect Federal Health Care Programs For new agreements from July 2005 through July 2017, our review of HHS-OIG data showed that there were four main types of initial allegations that resulted in the entity entering into an agreement with HHS-OIG. This included: • billing for services not rendered - 194 agreements (about 30 percent); • provision of medically unnecessary services - 136 agreements (about 21 percent); • acts prohibited under the Anti-Kickback statute - 135 agreements (about 21 percent); and • misrepresentation of services and/or products – 131 agreements (about 20 percent). 22 The majority of agreements (about 63 percent) were associated with one initial allegation. However, some agreements were associated with more than one initial allegation: about 23 percent of agreements from July 2005 through July 2017 were associated with two initial allegations and about 15 percent were associated with three or more initial allegations. 23 Agreements Included We compared the provisions required in selected agreements to those Standard Provisions with outlined in HHS-OIG’s current agreement templates and found that the provisions were generally similar. All of HHS-OIG’s templates and the Some Variation to Address agreements we reviewed were organized into the same broad sections. Risks Specific to the For example, all of the templates and agreements contained sections Entities detailing the information entities were required to submit to HHS-OIG in an initial implementation report and in annual reports, and all agreements had a section that outlined the enforcement provisions for the agreement. In addition, there generally was a standard term for agreements of either three or five years depending on the type of agreement. All 23 of the CIAs we reviewed had a term of five years, and of the nine IAs we reviewed, five had a 5-year term and four had a 3-year term. The IAs with a longer 5-year term generally were older agreements from 2010 or 2011. According to HHS-OIG officials, the current practice is to negotiate 3-year terms for IAs and 5-year terms for CIAs. 22 Misrepresentation of services and/or products encompasses a range of conduct. For example, for one agreement, the settled conduct involved providing improper remuneration and falsifying a physician’s signature on multiple laboratory test requisition forms to receive payment from Medicare for medically unnecessary tests. 23 The percent of agreement numbers in the paragraph do not sum to100 due to rounding. Page 17 GAO-18-322 Agreements to Protect Federal Health Care Programs HHS-OIG has developed agreement templates that include standard provisions to address the risks an entity’s noncompliance could pose to federal health care programs. Additionally, in some templates, provisions are included to address the specific types of conduct that gave rise to the agreement. HHS-OIG has four templates for use in negotiating CIAs and two for negotiating IAs, and HHS-OIG officials said that they will use one of the six templates as a starting point when drafting an agreement. 24 HHS-OIG officials told us that the terms included in agreements are similar across CIAs and IAs because certain provisions are non- negotiable. For example, officials said that they always include provisions requiring an entity to hire a compliance officer, submit annual reports, and provide HHS-OIG with access to the entity when requested. Across the various types of templates, there are similar standard provisions, and our review of selected agreements found many of the same provisions. For example, among the 32 agreements we reviewed: • All 32 agreements required the entity to engage an independent review organization to perform the agreement’s required reviews, including claims reviews. Entities have retained a variety of individuals and businesses as their independent review organization, ranging from small regional consulting firms to large national consulting or accounting firms. 25 For agreements HHS-OIG has entered into from July 2005 through July 2017, our review of the agency’s data found that there were 173 unique associated independent review organizations. 26 24 HHS-OIG has developed CIA templates for 1) standard agreements; 2) agreements with pharmaceutical manufacturers; 3) agreements involving conduct related to acts prohibited under the Anti-Kickback statute and Stark law; and 4) agreements involving offenses related to quality of care issues. In addition, HHS-OIG has developed IA templates for 1) individual practitioners and 2) small businesses. 25 HHS-OIG does not select the independent review organization for entities, although it can require the entity to select a different independent review organization under certain circumstances. HHS-OIG has posted guidance on its website detailing its views on what entities should consider in assessing the independence and objectivity of their independent review organization. See Department of Health and Human Services Office of Inspector General OIG Guidance on IRO Independence and Objectivity last accessed February 5, 2018, https://oig.hhs.gov/compliance/corporate-integrity-agreements/resources.asp. 26 Of the agreements HHS-OIG entered into from July 2005 through July 2017, 394 had an independent review organization entered in the HHS-OIG’s database. Some independent review organizations were associated with multiple agreements. The number of agreements a given independent review organization was associated with ranged from 1 to 26. Page 18 GAO-18-322 Agreements to Protect Federal Health Care Programs • All 32 agreements had training and education requirements, although the specifics of the required training, such as the number of hours or the specific topics, varied across agreements. • 28 of the 32 agreements reviewed required the entity to have a compliance officer. The four agreements that did not require this were two IAs for small group practices, one for a medical group practice, and one for a clinic that named an individual practitioner as a party to the agreement. Although agreements shared many standard provisions, some provisions were unique to either CIAs or IAs. Many of the CIAs that we reviewed included provisions detailing specific responsibilities for the entity’s board of directors (18 of 23 CIAs) and requirements for certain high-level employees to annually certify that they were in compliance with federal health care program requirements and the provisions of the agreement (12 of 23 CIAs). None of the nine IA’s we reviewed included these provisions. On the other hand, all nine IAs we reviewed (and one CIA) had provisions regarding third-party billing. If the provider subject to the agreement contracted with a third-party billing company to submit claims on the provider’s behalf, these agreements required the provider to certify that they did not have an ownership or controlling interest in the third- party billing company. In addition to agreement type, provisions also varied due to the nature of the conduct that led to the agreement or the type of entity entering into the agreement. For example, some agreements included provisions intended to ensure compliance with the Anti-Kickback statute and Stark law (8 of 32). HHS-OIG officials told us that specific provisions related to the Anti-Kickback statute and Stark law would only be present in agreements when the conduct that had led to the agreement involved acts prohibited under those statutes, such as prohibited kickbacks or improper referral arrangements. Other agreements include provisions specific to monitoring quality of care issues. For example, one of the agreements we reviewed was a quality of care CIA that required the entity to retain an independent monitor to examine, among other things, the entity’s internal quality control systems and its response to quality of care issues. 27 In addition, 2 of the 32 agreements we reviewed were with pharmaceutical manufacturers and contained provisions not in other agreements because they would only be relevant to a pharmaceutical 27 A quality of care CIA is a specific type of agreement that HHS-OIG enters into when the conduct that led to the agreement involved fraud that impacted the quality of patient care. Page 19 GAO-18-322 Agreements to Protect Federal Health Care Programs manufacturer. For example, both agreements we reviewed had a requirement that the manufacturers, within 30 days, provide HHS-OIG with a copy of any written communication with the Food and Drug Administration that materially discussed the actual or potential unlawful or improper promotion of the manufacturer’s product. According to HHS-OIG data, most of the 652 agreements entered into from July 2005 through July 2017 (about 95 percent) required the entity to perform at least one review as part of the agreement. The most common types of required reviews captured in HHS-OIG’s database during this time were reviews of health care claims, unallowable costs, and arrangements. 28 Slightly more than half of the agreements (19 of 32) we reviewed required the entity to perform a claims review. 29 Fifteen of these were annual claims reviews and four were quarterly claims reviews. In addition, slightly more than a quarter of agreements we reviewed (9 of 32) required an unallowable costs review. 30 Finally, a quarter of the agreements (8 of 32) required the entity to perform an arrangements review. The eight agreements requiring an arrangements review were the same agreements that included a section with provisions related to compliance with the Anti-Kickback statute and Stark law. A few agreements had required reviews that were not common across the agreements we reviewed and usually related to the types of services that the entity provided. For example, three agreements we reviewed required 28 According to the template for agreements involving conduct related to acts prohibited under the Anti-Kickback statute and Stark law, an arrangement is any arrangement or transaction that a) involves directly or indirectly, the offer, payment, solicitation, or receipt of anything of value; and is between the provider and any actual or potential source of health care business or referrals to the provider or any actual or potential recipient of health care business or referrals from the provider; or b) is between the provider and a physician (or physician’s immediate family member) who makes a referral to the provider for designated health services. An arrangements review is a review of the systems, policies, processes, and procedures for initiating, reviewing, approving, and tracking any arrangement as well as a review of a selected number of the entity’s arrangements. 29 According to the standard CIA template, a claims review is a review of claims submitted by the entity and reimbursed by the Medicare and Medicaid programs, to determine whether the items and services furnished were medically necessary and appropriately documented and whether the claims were correctly coded, submitted, and reimbursed. 30 An example of an unallowable cost would be the cost of retaining an independent review organization or cost of preparing reports for HHS-OIG. Although we found unallowable cost reviews in our analysis of HHS-OIG’s data for agreements entered into from July 2005 through July 2017 and in our review of selected agreements, such reviews are not a component of the current CIA template. According to HHS-OIG officials, unallowable costs are defined in the related DOJ settlement and a review of those costs is no longer included in agreements. Page 20 GAO-18-322 Agreements to Protect Federal Health Care Programs the entity to conduct a cardiac catheterization procedures review, described as an evaluation and analysis of the medical necessity and appropriateness of interventions performed either in the entity’s cardiac catheterization lab or by the provider. HHS-OIG Uses Multiple Strategies to Ensure Compliance with Terms of Agreements and Imposes Certain Penalties When Noncompliance Is Identified HHS-OIG Reviews According to HHS-OIG officials, the agency assigns a monitor to each Required Reports, agreement—an HHS-OIG staff attorney or program analyst—who, for the duration of the agreement, oversees the entity’s compliance with the Communicates with terms of its agreement. 31 Per officials and what is outlined in internal Entities, and Conducts agency documents that describe how to monitor agreements, the Site Visits to Monitor monitors’ responsibilities include: Entities’ Compliance with Agreements • Reviewing the information that entities provide in their initial implementation report, annual reports, and any other reports required 31 According to HHS-OIG officials, a team within HHS-OIG’s Office of Counsel to the Inspector General consisting of a manager, four attorneys, one program analyst, and two paralegals monitor the majority of agreements. However, these officials also stated that other attorneys within the Office of Counsel to the Inspector General also are assigned to monitor agreements. Page 21 GAO-18-322 Agreements to Protect Federal Health Care Programs under the agreement within the time frames established by internal HHS-OIG guidance. 32 • Communicating with entities to provide assistance to those who need help in understanding the requirements or to request additional information when a required report has missing or incomplete information. • Reviewing and responding to periodic correspondence received from entities, including notifications required by the agreement, reportable event disclosures, and other communications from the entity. 33 • Drafting any letters that are sent to the entity, if noncompliance is identified, including letters demanding the payment of penalties— referred to as stipulated penalty demand letters. • Conducting site visits to verify that the entities are complying with the agreements properly. According to internal HHS-OIG guidance, monitors are to select sites primarily based on concerns that they may have with specific entities, as well as other factors, such as the type of provider, the size or complexity of the entity, length of the agreement, and the severity or complexity of the offenses that resulted in the agreement. 34 According to internal HHS-OIG guidance regarding site visit protocol and agency officials we spoke to, during site visits, HHS-OIG officials may conduct document reviews of training records, policies and procedures, or other documents; hold meetings with the compliance officer or board members; or tour the facility, among other activities. Officials said that two HHS-OIG officials typically conduct the site visit—the agreement’s 32 Entities that enter into an agreement with HHS-OIG are required to provide periodic reports that demonstrate their compliance with the provisions outlined in the agreement, including an initial implementation report soon after their agreement begins–usually within 120 days–and an annual report for each year the agreement is in effect. Officials told us that they review required reports soon after they come in, and according to their internal guidance, implementation reports should be reviewed within 30 days of receipt and annual reports within 60 days of receipt. 33 In agreements, a “reportable event” is usually defined as anything that involves a substantial overpayment; a matter that a reasonable person would consider a probable violation of criminal, civil, or administrative laws applicable to any federal health care program for which penalties or exclusion may be authorized; the employment of or contracting with an Ineligible Person; or the filing of a bankruptcy petition by the entity. 34 HHS-OIG has developed a site visit protocol that contains detailed guidance for the HHS-OIG officials conducting the site visit on how to prepare for, schedule, and conduct the site visit. Page 22 GAO-18-322 Agreements to Protect Federal Health Care Programs monitor and one other official—and the site visits typically last about one day to a day-and-a-half. For agreements entered into from July 2005 through July 2017, we found that HHS-OIG officials conducted 211 site visits that were associated with 155 agreements. Thirty of these agreements were associated with more than one site visit ranging from 2 to 10 visits. 35 The majority of the 211 site visits were for CIAs (about 87 percent). During the full calendar years from 2006 through 2016, HHS- OIG completed an average of 18 site visits each year. HHS-OIG Works with Although most entities comply with the provisions of their agreements, Entities to Ensure according to HHS-OIG officials, when noncompliance occurs, the most common issue is the late submission of required reports or reviews. 36 Compliance but May According to HHS-OIG officials, other types of noncompliance range from Impose Monetary falsely certifying the accuracy of reported information to submitting Penalties or Exclude reports that do not include the required elements. According to officials Entities for Noncompliance and as outlined in agreements, HHS-OIG addresses noncompliance in Some Cases through a series of escalating steps, which, in rare instances, may result in the HHS-OIG imposing penalties on an entity as laid out in the agreement (stipulated penalties) or even exclusion of an entity from federal health care programs. 37 Steps HHS-OIG takes to address noncompliance may include: • Working with the entity before taking official action. For example, officials told us that monitors typically request additional 35 Entities that received multiple site visits were sometimes visited at more than one location. For example, one entity receiving 5 site visits had 3 of them at one location and 2 at another location. The entity that had received 10 site visits since July 2005 received them in 6 different locations, and is an entity that HHS-OIG ultimately excluded from participation in federal health care programs. 36 One HHS-OIG official said that she reviews an internal, standard report created every two weeks listing entities that are more than 14 days late in submitting a required report to HHS-OIG and consults with the monitor(s) for those agreements about the situation. The official said that HHS-OIG may issue a late notice at this point, but this is done at the agency’s discretion. This official said that the first step in this situation is usually to contact the entity, but that if additional weeks go by with no response HHS-OIG will issue a stipulated penalties demand letter. 37 The breach and default provisions that address the actions HHS-OIG will take when it identifies noncompliance are standard across agreements. These provisions outline the stipulated penalty amounts that HHS-OIG will impose if it identifies certain violations of agreement terms. The provisions also outline what constitutes a material breach of the agreement and indicate that exclusion can result if the entity is found to have materially breached their agreement. Page 23 GAO-18-322 Agreements to Protect Federal Health Care Programs documentation or information from providers when they identify potential issues rather than imposing stipulated penalties immediately. • Demanding that the entity pay stipulated penalties. HHS-OIG will send a stipulated penalties demand letter to an entity in accordance with the breach and default terms of the agreement. The stipulated penalty amounts for noncompliance with the different provisions are specified in the agreement. According to officials, the stipulated penalty amounts in agreements are non-negotiable and the amounts associated with noncompliance with specific provisions do not change across agreements. The stipulated penalties in agreements range from $1,000 to $50,000 per violation. For example, for each day an entity fails to submit a complete annual report to HHS-OIG by the submission deadline, the stipulated penalty is $2,500 for CIAs and $1,500 for IAs. In addition, for all agreements, each false certification submitted by or on behalf of the entity results in a stipulated penalty of $50,000. 38 For agreements entered into from July 2005 through July 2017, our review of HHS-OIG data found that HHS-OIG issued 41 letters demanding stipulated penalties (between 0 and 7 letters per year) for actions such as the failure to submit annual reports and employing individuals excluded from participation in federal health care programs. 39 In total, HHS-OIG collected about $5.4 million in stipulated penalties during this time. 40 Penalty amounts demanded in each letter ranged from $1,000 to over $3 million, with a median of 38 According to HHS-OIG officials, stipulated penalty amounts have not changed in many years, with one exception. Specifically, officials said that around 2012 or 2013 they changed the penalty for making a false certification to HHS-OIG from $5,000 to $50,000, in order to signal the seriousness of making a false certification. For agreements entered into since July 2005, HHS-OIG issued a total of five noncompliance letters that cited false certification. 39 In agreements, such individuals are referred to as “Ineligible Persons." An Ineligible Person is defined as an individual or entity who is currently excluded from participation in any federal health care program or who has been convicted of a criminal offense that falls within the scope of 42 U.S.C. § 1320a-7(a) (relating to mandatory exclusion) but has not yet been excluded. 40 According to HHS-OIG officials, payments for stipulated penalties go to the Hospital Insurance Trust Fund of the U.S. Treasury, where they are drawn from by the Centers for Medicare & Medicaid Services to fund Medicare. Page 24 GAO-18-322 Agreements to Protect Federal Health Care Programs $18,000. 41 According to HHS-OIG, the stipulated penalty of over $3 million was a record penalty for failure to comply with an agreement. This penalty, according to HHS-OIG, resulted from the entity’s failure to correct improper billing processes and poor claims submission practices that had led to error rates and overpayments to the company by Medicare for hospice services. These issues were uncovered through the claims reviews required under the agreement and HHS-OIG’s site visits to the company’s facilities. • Determining that the entity is in material breach of the agreement. As defined in agreements, this determination may result from repeated or flagrant violations of agreement obligations; failure to notify HHS-OIG of certain reportable events; failure to take corrective actions or make appropriate refunds; failure to respond to a stipulated penalties demand letter; or failure to engage an independent review organization. From July 2005 through July 2017, HHS-OIG issued 10 material breach letters to entities informing them that HHS-OIG intended to exclude them. However, the 10 material breach letters were associated with only 6 agreements, and 5 of the 10 material breach letters issued were to the same entity. These five letters were issued to the entity between March 2012 and January 2014 for a series of alleged material breaches of its agreement including, among other things, a failure to report serious quality of care reportable events or to perform training required under the terms of its agreement. This entity, which was a national chain of clinics that primarily provided dental services to children on Medicaid, was ultimately excluded in September 2014 from participation in federal health care programs, including Medicaid, for a period of five years. • Excluding an entity from participation in federal health care programs. For agreements entered into from July 2005 through July 2017, we found that HHS-OIG has issued five exclusion letters to entities for failing to adhere to their agreements. These exclusion letters were associated with four agreements—2 CIAs and 2 IAs. 42 According to HHS-OIG’s data, these exclusions occurred in 2007 (1), 2014 (1), and 41 One of the stipulated penalties demand letters in our analysis did not specify a penalty amount. Instead, the letter included a request for missing information and gave the entity 10 days to respond, after which penalties of $1,000 per day would begin accruing. The entity responded within the 10 days, so HHS-OIG did not impose penalties. 42 One agreement was associated with two exclusion letters; one letter was issued for defaulting on payment obligations under a civil monetary penalty settlement with HHS- OIG, and the other was issued after the entity failed to respond to HHS-OIG’s demand for stipulated penalties. Page 25 GAO-18-322 Agreements to Protect Federal Health Care Programs 2015 (2). The four entities that were excluded included a durable medical equipment provider, a national chain of clinics, a practice management company, and a medical group practice. An agreement affords the entity the opportunity to respond to a material breach letter prior to the issuance of a notice of exclusion. However, an HHS-OIG official said that, given the multiple steps involved in the breach and default process, it is unlikely that a breach would be addressed satisfactorily by the entity at this stage in the process. Of the four entities that HHS-OIG excluded, three had also previously received a notice of material breach from HHS-OIG. 43 We provided a draft of this report to HHS and DOJ for review and Agency Comments comment. These departments provided technical comments, which we incorporated as appropriate. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies to the Secretary of HHS, the Attorney General, and the Inspector General of HHS. In addition, the report will be available at no charge on the GAO website at http://www.gao.gov. If you or your staff have any questions about this report, please contact me at (202) 512-7114 or kingk@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made key contributions to this report are listed in appendix I. Kathleen M. King Director, Health Care 43 The remaining entity that did not receive a material breach letter prior to exclusion was excluded for failure to pay the amount due under the terms of its settlement with the United States. Page 26 GAO-18-322 Agreements to Protect Federal Health Care Programs Appendix I: GAO Contact and Staff Appendix I: GAO Contact and Staff Acknowledgments Acknowledgments Kathleen M. King, (202) 512-7114, kingk@gao.gov GAO Contact In addition to the contact named above, Karen Doran (Assistant Director), Staff Alison Goetsch (Analyst-in-Charge), and Perry Parsons made key Acknowledgments contributions to this report. Also contributing were Sam Amrhein, Muriel Brown, Dan Ries, Jennifer Rudisill, and Merrile Sing. (101945) Page 27 GAO-18-322 Agreements to Protect Federal Health Care Programs The Government Accountability Office, the audit, evaluation, and investigative GAO’s Mission arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. The fastest and easiest way to obtain copies of GAO documents at no cost is Obtaining Copies of through GAO’s website (https://www.gao.gov). Each weekday afternoon, GAO GAO Reports and posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to https://www.gao.gov Testimony and select “E-mail Updates.” Order by Phone The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, https://www.gao.gov/ordering.htm. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO on Facebook, Flickr, Twitter, and YouTube. Connect with GAO Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts. Visit GAO on the web at https://www.gao.gov. Contact: To Report Fraud, Website: https://www.gao.gov/fraudnet/fraudnet.htm Waste, and Abuse in Automated answering system: (800) 424-5454 or (202) 512-7470 Federal Programs Orice Williams Brown, Managing Director, WilliamsO@gao.gov, (202) 512-4400, Congressional U.S. Government Accountability Office, 441 G Street NW, Room 7125, Relations Washington, DC 20548 Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800 Public Affairs U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548 James-Christian Blockwood, Managing Director, spel@gao.gov, (202) 512-4707 Strategic Planning and U.S. Government Accountability Office, 441 G Street NW, Room 7814, External Liaison Washington, DC 20548 Please Print on Recycled Paper.